Not the website you're looking for? Click here for Webalicious
 

A Complete Guide to Changing Your Joomla Website from HTTP to HTTPS

https

Why Change your Website to HTTPS?

Implementing HTTPS improves the security of your website and helps keep communication to and from the website secure.

Websites with HTTPS may rank higher in search engines.

HTTPS enabled websites show a padlock to website visitors so they are more likely to trust the website (especially if it is an e-commerce website) or a website that stores personal client data.

1. Enabling HTTPS

With the introduction of free SSL certificates (e.g. from Let's Encrypt), enabling HTTPS is easier than ever and this can be done in a few clicks in the control panel of a good quality web host or domain registrar.

SiteGround

  • Login to cPanel and click on "Let's Encrypt"
  • Check that the SSL certificate is already installed for the relevant domain
  • Let's Encrypt certificates are automatically renewed

VentraIP Legacy Economy and Business cPanel Accounts

  • Log in to https://vip.ventraip.com.au and go to Shared Hosting -> Manage -> [Domain Name] -> Let's Encrypt SSL
  • Click on "Install" to install the Let's Encrypt certificate for your domain
  • Let's Encrypt certificates are automatically renewed

VentraIP Newer cPanel Accounts

  • Log in to https://vip.ventraip.com.au and go to Shared Hosting -> Manage -> [Domain Name] -> AutoSSL
  • Click on "Start AutoSSL Check" to initiate the installation of the AutoSSL certificate for your domain and follow the prompts to complete the installation
  • AutoSSL certificates are automatically renewed

Zuver

  • Log in to https://my.zuver.net.au and go to Hosting Services -> Manage -> [Domain Name] -> Let's Encrypt
  • Click on "Install" to install the Let's Encrypt certificate for your domain
  • Let's Encrypt certificates are automatically renewed

Check that https is enabled by browsing to the https version of yuor website. You should see a green padlock or similar near the url in your web browser.

2. Joomla

Log in to the back-end of the Joomla website and set System -> Global Configuration -> Server -> Force HTTPS to "Entire Site".

3. htaccess

Redirect the HTTP version of the website to HTTPS by adding the following at the end of the .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

4. Fix Mixed Content

Update any remaining http links to https links so website visitors don't see mixed content warnings in their browsers. The following and similar tools can help identify remaining http links:

  • HTTPS Checker is a desktop application for Windows, Mac or Linux and the free version allows you to crawl up to 500 pages
  • SSL Error Checker is an online tool which checks a single URL
  • WhyNoPadlock is an online tool which checks a single URL

4.1 Akeeba Admin Tools

If the http links can't easily be changed to https (or there are too many to easily change manually), the links can be converted automatically to https using an option in the free or the paid version of Akeeba Admin Tools. This option can be found at Components -> Admin Tools -> SEO and Link Tools -> Convert all links to HTTPS when site is accessed over SSL.

4.2 Regular Labs ReReplacer

The free or paid version of Regular Labs ReReplacer can be used to change all https:// references in the source code to https:// although this is a fairly heavy handed approach and you'd need to check your website is still working as expected after implementing this change.

If using ReReplacer, you could use a link checker such as one of the following to check for broken links:

5. robots.txt

Update http:// references in your robots.txt file to https:// where appropriate.

6. Google Search Console (aka Webmaster Tools)

Add the https version of the website to Search Console and submit the https:// version of the sitemap. Remember to resubmit your site map for the https version of the website.

7. Google Analytics

Change the Property setting of the website from http:// to https://

8. Social Networks

Social Networks usually treat the https version of the website as a separate website so you may have to start from zero again with your "share" and "like" counts. This can sometimes be worked around by choosing an option in your social network extension (e.g. Fast Social Share) to continue to display the share and like counts from the http version of the website until you have collected sufficient shares and likes on the https version of the website.

9. Automatic SSL Certificate Renewal

Let's Encrypt SSL certificates seem to be valid for 90 days and should auto renew 30 days before expiry (at least this is the case on SiteGround). Unfortunately the renewal process sometimes fails. Let's Encrypt certificates are issued for the domain and also any subdomains associated with the main domain e.g. mail.domain-name.com at the time the certificate is created. If the subdomains change in any way during the life of the certificate, the original certificate must be manually cancelled in favour of a new certificate. Assuming your subdomains don't change, then the next renewal should go through as expected.

March 2018 Update:

SiteGround now offer free "wildcard" Let's Encrypt SSL certificates which probably fixes the automatic renewal failure problem.

Removing Unused Joomla Extensions

Benefits

Removing unused third party Joomla extensions has several benefits including:

  • performance improvement
  • reducing website maintenance
  • improving website security
  • reducing conflicts between extensions

There's usually no point removing unused core extensions as there may be dependencies that are not obvious and Joomla updates will likely reinstall these anyway.

Compiling a List of Third Party Extensions

Find which third party extensions are installed by logging in to the back-end of the website and checking for extensions with an Author other than "Joomla Project" at Extensions -> Manage -> Manage. (See below for an example).

Managing Extensions

Ignore the following extensions which are installed by default as part of the Joomla 3.x core:

  • beez3 Template by Angie Radtke
  • Editor - CodeMirror Plugin by Marijn Haverbeke
  • Editor - TinyMCE Plugin by Ephox Corporation
  • Hathor Template by Andrea Tarr
  • IDNA Convert Library by phlyLabs
  • Isis Template by Kyle Ledbetter
  • phpass Library by Solar Designer
  • phputf8 Library by Harry Fuecks
  • protostar Template by Kyle Ledbetter

You can also click on the "ID" column heading to sort by ID and in Joomla 3.x, the third party extensions start at ID = 10000. (Thanks to Tim Davis from www.cybersalt.com for this tip).

How to Check if a Third Party Extension is Being Used

Components

Installed and enabled components are generally found under the Components menu. Some Components are used in the back-end only (e.g. Akeeba Backup) and you will generally know if you are using these types of Components or not.

Components that are used in the front-end are often associated with a menu item so open each Menu and scan the list of menu items to see which components are in use. (See below for an example). You can probably ignore menu items that are disabled.

Menu Administration

Modules

You can see which third party modules are being used at Extensions -> Modules. (See below for an example). You can probably ignore modules that are disabled.

Module Administration

Note that menu items with no module position assigned may or may not be in use as these can be inserted into content using "loadmodule" syntax or similar.

Plugins

You can see which third party plugins are being used at Extensions -> Plugins. (See below for an example). You can probably ignore plugins that are disabled.

Plugin Administration

Templates

You can see which templates are being used at Extensions -> Templates. Templates that are not being used will show "Not assigned". (See below for an example).

Template Administration

Removing Unused Third Party Extensions

Before doing any changes, be sure to run a full backup of the website using Akeeba Backup or similar and copy the backup file off-site as a precaution.

Before removing an extension that looks like it is not being used, I recommend disabling it first and testing the website thoroughly to be sure that everything is still working as expected.

Once you are confident that the extension is not needed, then remove it.

The Best Shared Web Hosting for Australian Businesses and Organisations

As a web developer, I tend to cringe when contacted by prospective clients who tell me that they have already arranged their web hosting. The selected web hosting company is often not the best choice for various reasons.

Web Hosting Tip:
My number one tip when choosing a web hosting company is to ask your web service provider before purchasing a web hosting plan so he or she can recommend a plan that is suitable for your particular requirements. Choosing the wrong plan can be a costly exercise!

With Google now including performance as a ranking factor, it is more important than ever to make good decisions about your web hosting provider.

Shared Hosting

Shared web hosting is an affordable web hosting option where your website is securely hosted on the same server as a number of other websites and usually located in a secure data centre.

Shared hosting suits most businesses and organisations with plans typically offering 1GB, 5GB, 10GB or similar storage space and 250GB, 500GB, unlimited or similar monthly bandwidth.

Choosing a Web Hosting Plan

Your choice of web hosting plan and server location depends on a number of factors such as cost, value for money, the geographic location of your website visitors and the type of website.

The following plans are the ones I tend to recommend for Australian businesses and organisations with Joomla or similar websites. All of these service providers offer good uptime (reliability), security, performance, technical support and value for money. They also keep their servers up to date so you can always select a supported version of PHP for example.

  Australian Customer Base International Customer Base

zuver logo

Zuver "Web Hosting" plan from $36 / year (Sydney or Melbourne)
Yes No1

ventraip logo au

VentraIP "Startup" plan from $83.40 / year (Sydney or Melbourne)
Yes No1

siteground logo

SiteGround "Startup" plan @ $119.40 / year (Chicago, London, Amsterdam, Milan or Singapore)2
No1 Yes

Siteground Logo

SiteGround "GrowBig" plan @ $179.40 / year (Chicago, London, Amsterdam, Milan or Singapore)2
Yes Yes

A Complete Web Hosting Support Platfrom | Cloudaccess.net

CloudAccess web hosting from $60 / year (Detroit, Phoenix or Luxembourg)2
No1 Yes

1 Enabling a suitable content delivery network (CDN) such as CloudFlare or similar on these plans would likely overcome the lag due to distance although I don't tend to recommend adding this extra layer of complexity where good quality web hosting is sufficient.
2 This is an affiliate link. When this link is used to make a purchase, I receive a small commission that helps me to continue providing content like this.

Note that new Zuver, VentraIP and SiteGround customers usually qualify for discounted hosting for the first year so the initial invoice will likely be less than the stated prices.

In general, website owners with a local customer base are usually fine with Zuver or VentraIP in Sydney or Melbourne.

Website owners with an international customer base are better off hosting with SiteGround or CloudAccess.

The SiteGround "GrowBig" account includes dynamic cache with the result that website visitors in Australia load pages as fast as if the website were hosted locally in Australia with Zuver or VentraIP or similar and website visitors in the rest of the world load web pages much faster than if the website were hosted in Australia. The SiteGround "Startup" plan does not have the dynamic cache option so website owners with an Australian customer base are usually better off with a local host such as Zuver or VentraIP or similar.

Other Recommended Web Hosting Companies

For up to date information on the best and worst local web hosting companies, see the latest posts in the Web Hosting Forum on the Whirlpool forums.

Although I don't have much experience with the following local companies, you will probably have a good experience with:

Web Hosting Companies to Avoid

The following web hosting companies are best avoided as these companies will have your web developer tearing his or her hair out!

  • Crazy Domains and associated brands including Aust Domains and Cheap Domains.
  • GoDaddy
  • iiNet. iiNet is an ISP, not a web hosting company. They do offer web hosting but this is not one of their strengths.
  • Melbourne IT and associated brands including WebCentral, Domainz, NetRegistry, Ziphosting, TPP Wholesale, UberGlobal, AussieHQ, Jumba, SmartyHost and Ilisys.

With frequent mergers and acquisitions, the Australian web hosting landscape changes constantly. For up to date information, see the Web Hosts Companies Structure wiki page on the Whirlpool website.

Web Hosting Tip:
You may think you can save $100 or more on annual web hosting fees by choosing a cheaper web hosting provider but savings are invariably consumed when technical issues arise and support staff are unresponsive and/or incompetent.

Website and Web Hosting Performance Check

The longer your website takes to load, the more likely visitors will browse elsewhere. Ideally, web pages should load in less than 4 seconds.

You can test your own website or competitors websites using GTMetrix, Pingdom or similar.

Create a free account on GTMetrix so you can choose which location to run the test from.

Another useful tool for comparing page load speeds around the world is the Sucuri Load Time Tester.

gtmetrix example
pingdom example
sucuri example
 

Move My Website to a Better Web Hosting Company

Moving a website to a new web host typically takes a couple of hours or around $176 inc. GST and includes:

  • backing up the current website
  • finding the most suitable web hosting company for your particular website within your budget
  • purchasing a new web hosting plan on your behalf
  • restoring the website to the new web host
  • updating the domain name to point to the new host
  • testing
  • optionally moving your domain name to the new service provider

Note that you will be moving to a better web hosting company and for most of my clients this is often a cheaper web hosting company so that the cost of the move is soon recovered.

Contact me to enquire about moving web hosts.

Time to Upgrade to a Responsive Template in preparation for "Mobilegeddon" on 21st April

MobilegeddonApparently more than 50% of web searches now originate on mobile devices and Google recently announced that mobile-friendliness will be a ranking signal from April 21st 2015.

A Google Engineer suggests this change will affect as many websites as the Panda and Penguin algorithm updates and industry experts have christened this latest algorithm update, "mobilegeddon".

Responsive Templates

The best way to ensure your Joomla website search ranking is preserved is to implement a responsive template if you don't already have one.

Responsive templates are available for Joomla 2.5 and there were even a few for Joomla 1.5 but Joomla 1.5 and Joomla 2.5 are already "end-of-life" and you should ideally migrate to Joomla 3.x which ships with Bootstrap and already includes some responsive templates.

robots.txt Changes

If you installed Joomla prior to version 3.3, you will likely need to amend your robots.txt file to ensure that Google can access CSS, JavaScript and other files in your template folder to confirm your website is mobile friendly.

Mobile Friendly Testing and Official Instructions from Google

Google has provided a test tool at http://www.google.com/webmasters/tools/mobile-friendly/ so you can check that your website is ticking all the relevant check boxes.

Google has also provided instructions on how best to make your website mobile friendly including specific instructions for Joomla, WordPress and other popular platforms.

More Information

For more information see:

http://searchenginewatch.com/sew/how-to/2398591/-mobilegeddon-is-coming-on-april-21-are-you-ready
http://www.entrepreneur.com/article/244175
http://www.didit.com/mobilegeddon-tip-of-the-week-examine-your-robots-txt-file/
http://www.stemlegal.com/strategyblog/2015/mobilegeddon-the-countdown-is-on/